IN THE CLAIMS: 



1 1 . (Currently Amended) A method of providing access to a server in an 

2 arrangement that includes at least one device that serves as a firewall having a protected 

3 side and an unprotected side, a first proxy adapted to allow clients on the unprotected side 

4 of the firewall to gain direct access thereto, and a second proxy adapted to allow said 

5 server, on the protected side of the firewall to gain direct access thereto and to not allow 

6 said clients direct access thereto insid e a firewall having an IP addr e ss comprising the 

7 steps of: 

8 receiving at a the_first proxy outsid e th e fir e wall a connection request from a 

9 client of said clients that is also outsid e th e fir e wall, said first proxy having an IP addr e ss 

10 that is differ e nt from th e IP addr e ss of the fir e wall ; 

1 1 sending said connection request to the second proxy through said firewall, over a 

12 control channel previously established by a second proxy and controlled by the second 

13 proxy inside said firewall ; 

1 4 said s e cond proxy authenticating the client; 

1 5 when the client is authenticated, said second proxy establishing a data connection 

16 with said first proxy, through said firewall, with the data connection adapted to through 

17 which said first proxy can forward requests of said client to said second proxy , where the 

18 data connection is distinct from the control channel . 
19 

1 2. (Currently Amended) The method of claim 1 further comprising the step of 

2 receiving a requested resource at the second proxy from the server insid e th e fir e wall and 

3 using the established data connection between the second proxy and the first proxy cli e nt 

4 to forward the requested resource to the client. 

1 3. (Original) The method of claim 2 wherein the resource is a document 

2 containing hyperlinks to other resources. 

1 4. (Original) The method of claim 3 wherein the second proxy translates the 

2 hyperlinks in the document into references directed to and interpreted by the second 

3 proxy. 
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1 5. (Original) The method of claim 3 wherein the document is a Web page. 

1 6. (Previously Presented) The method of claim 1 wherein the data connection 

2 uses a secure communication protocol. 

1 7. (Currently Amended) The method of claim 5 6 wherein the secure 

2 communication protocol is SSL. 

1 8. (Original) The method of claim 1 wherein the client is a browser and the 

2 server is a Web server. 

1 9. (Original) The method of claim 1 wherein the client is authenticated using a 

2 password mechanism. 

1 10. (Original) The method of claim 9 wherein the client is authenticated using a 

2 one-time password mechanism. 

1 11. (Currently Amended) A method of providing a cli e nt access to a r e sourc e 

2 stor e d b e hind a fir e wall comprising the steps of: 

3 parsing information of a the resource fer to identify therein hyperlinks that point 

4 to other resources behind a the firewall; 

5 rewriting said hyperlinks to point to a proxy enabled to access said resources 

6 behind the firewall; and 

7 transmitting said information of the resource with the rewritten hyperlinks to the 

8 client. 

1 12. (Original) The method of claim 1 1 wherein the resource is a Web page. 

1 13. (Original) The method of claim 1 1 wherein the rewritten hyperlinks also 

2 comprise security information. 

1 14. (Previously Presented) The method of claim 1 further comprising the step of 

2 receiving at said second proxy, in response to a request for a resource from said second 

3 proxy, said requested resource from the server inside the firewall and using the 
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4 established connection between the second proxy and the client to forward the requested 

5 resource to the client. 

1 15. (Previously Presented) The method of claim 1 further comprising the step of 

2 receiving from said first proxy, at said second proxy, a request for a resource of the 

3 server. 

1 16. (Previously Presented) The method of claim 1 wherein said connection 

2 request comprises a URL, the method further comprising said second proxy executing the 

3 steps of 

4 translating said URL to a URL that corresponds to a URL of a server inside said 

5 firewall; and 

6 establishing a connection with said URL. 

1 17. (Previously Presented) The method of claim 1 wherein the client is 

2 authenticated via said control channel using a password mechanism. 

1 18. (Previously Presented) The method of claim 1 wherein said control channel 

2 is maintained by sending a command that requests a response, over said control channel, 

3 at intervals that insure a silence period of not more than a preselected value. 

1 19. (Previously Presented) The method of claim 1 wherein said control channel 

2 is adapted to carry a limited number of different messages. 

1 20. (Previously Presented) The method of claim 1 wherein said control channel 

2 is adapted to carry messages from a set that consists of 

3 a message sent by said second proxy to establish said control channel, 

4 a message sent by said first proxy to request establishment of said data 

5 connection, 

6 a hailing message that expects a reply, and 

7 a reply message that acknowledges said hailing message. 

1 21. (Previously Presented) The method of claim 1 said step of establishing said 

2 data connection is followed by a step of said second proxy sending a message to said first 
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3 proxy, over said data connection, to inform said first proxy of the establishment of said 

4 data connection. 

5 22. (Previously Presented) The method of claim 1 wherein said control channel 

6 is maintained by periodically one of the proxies sending a command that requests a 

7 response from the other of said proxies. 

8 23 . (Currently Amended) A method of a user at a host on an outside side of a 

9 firewall fire wall obtaining web pages from a server on an inside side of said firewall 

1 0 comprising the steps of: 

1 1 Receivings at a first proxy on the outside side of t he firewall that is adapted to 

1 2 serve as an interface between s e rvers on said inside side of said firewall fir e wall and to 

13 hosts on said outside side of said firewall^ a connection request from a-said user, 

1 4 employing a secure communication protocol; 

1 5 sending said connection request through said firewall, over a control channel 

1 6 previously established by a second proxy on said inside side of said firewall; 

1 7 s aid second proxy authenticating the user; 

1 8 said second proxy establishing a data connection with said first proxy that is 

1 9 distinct from the control channel through said firewall, through which said first proxy 

20 can forward requests of said user client to said second proxy; and 

21 said user obtaining web pages from said server by directing requests to IP address 

22 of said first proxy. 
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